This policy describes how STILARO collects, uses and protects the information of both the
merchants who install the app and the shoppers who use the virtual try-on in their stores.
1. Information we collect
Through the Shopify APIs
- Product data: We access the store catalog (name, image,
variants) through the read_products permission solely to display the garments in the virtual
try-on. We do not access customer data, orders or financial information.
From the Merchant
- Store domain: To identify the account and manage the
configuration.
- Subscription plan: To manage the type of service contracted and
usage limits.
- Anonymous usage data: Metrics on the number of virtual try-ons
performed, without any link to specific users.
From the Buyer
- Uploaded photo: The image that the shopper voluntarily provides to
visualize the garments.
- Anonymous interaction metrics: Technical widget events used
exclusively for error correction and performance optimization.
Important note: We do NOT collect names, emails, addresses or any personally
identifiable information (PII) from shoppers. We do not use tracking cookies or tracking
technologies in the storefront.
2. How we use the information
- Shopper photos: Used only to generate the virtual try-on image
(try-on process).
- Product data: To integrate the store catalog with the visual
widget.
- Merchant data: To manage the subscription, apply usage limits
and ensure the operation of the service.
- Anonymous metrics: For technical diagnostics and improvement of
system stability.
AI guarantee: We do NOT use users' photos to train Artificial Intelligence
models. Biometric or body data derived from processing is ephemeral and is never used to improve
our algorithms permanently.
3. Data retention
- Shopper photos: Deleted immediately after generating the result.
They are not stored on servers.
- Try-on results: Deleted immediately from the server. They may
persist in the browser's local memory during the session.
- Merchant data: Retained while the app is installed. Deleted after
uninstallation (via the shop/redact webhook).
- Anonymous metrics: Aggregated and not linked to individuals. With
no defined expiration date.
4. Who accesses the data
- The store (Merchant) — Data controller: Does NOT have access to
shoppers' photos or results.
- STILARO — Data processor: Processes photos in a transient and
volatile manner, without persistent storage.
- Google Cloud — Subprocessor: Provides the AI infrastructure.
Processes images transiently without model training.
5. International transfers and Security
Data transfers
Photos may be processed by Google Cloud services on servers located outside the European
Economic Area (EEA), including the United States. Google Cloud operates under Standard
Contractual Clauses (SCCs) approved by the European Commission. Processing is strictly transient.
Security measures
- End-to-end encrypted communications via HTTPS/TLS.
- HMAC-SHA256 integrity verification on all requests.
- Infrastructure with SOC 2 and ISO 27001 certifications.
- Implementation of Rate Limiting to prevent abuse and attacks.
6. User rights (RGPD / CCPA)
- Right to erasure: Guaranteed by design, since STILARO does not
store shoppers' personal data.
- Right of access: Shoppers see their images in real time. Merchants
may request their account data through our contact.
- Right to object: The user may choose not to use the widget if
they do not want the transient processing of their image.
- Right to portability: Merchants may request the export of their
usage and subscription data.
7. Compliance webhooks (GDPR)
STILARO strictly complies with Shopify's mandatory webhooks:
- 1. customers/data_request: We confirm that we do not store
shopper data.
- 2. customers/redact: We confirm that there is no shopper data to
delete.
- 3. shop/redact: We permanently delete all store data when the
app is uninstalled.
8. Contact
If you have questions about this policy or the handling of your data, you may contact us at: